RHSA-2009:1060 -- pidgin security update (Important)

oval:org.mitre.oval:def:29110

Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer and the remote target sends a malformed response, it could cause Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
Class:
patch
Reference(s):
  • RHSA-2009:1060
  • CESA-2009:1060-CentOS 5
  • CVE-2009-1373
  • CVE-2009-1374
  • CVE-2009-1375
  • CVE-2009-1376
Product(s):
  • pidgin